QwikSec

Security Database

CVE

CWE

Training

CVE-2013-1937

Published: Apr 16, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. NOTE: a third party reports that this is "not exploitable.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_MANDRIVA

http://immunityservices.blogspot.com/2019/02/cvss.html

x_refsource_MISC

https://github.com/phpmyadmin/phpmyadmin/commit/79089c9bc02c82c15419fd9d6496b8781ae08a5a

x_refsource_CONFIRM

openSUSE-SU-2013:1065

vendor-advisory

x_refsource_SUSE

FEDORA-2013-5623

vendor-advisory

x_refsource_FEDORA

http://packetstormsecurity.com/files/121205/phpMyAdmin-3.5.7-Cross-Site-Scripting.html

x_refsource_MISC

FEDORA-2013-5604

vendor-advisory

x_refsource_FEDORA

20130409 [waraxe-2013-SA#102] - Reflected XSS in phpMyAdmin 3.5.7

mailing-list

x_refsource_FULLDISC

[oss-security] 20130409 Re: CVE Request: Self-XSS in phpmyadmin fixed in 3.5.8

mailing-list

x_refsource_MLIST

FEDORA-2013-5620

vendor-advisory

x_refsource_FEDORA

http://www.phpmyadmin.net/home_page/security/PMASA-2013-1.php

x_refsource_CONFIRM

http://www.waraxe.us/advisory-102.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.